Cyber “Hoot” Wednesday: Two-Factor Authentication

Cyber “Hoot” Wednesday: Two-Factor Authentication

We’re all familiar with using passwords and some are experienced with password managers, but they aren’t always the best way to secure your critical accounts. If you’re using a password manager you may be surprised that sometimes these unique, complex, randomly generated passwords are still not enough to secure your critical accounts. To protect your critical information and accounts you need something even stronger and more secure, something the technologists and IT professionals calls two-factor authentication, often abbreviated as 2FA.

What is Two-Factor Authentication?

Two-factor authentication is simply combining and using two of the following three identification factors:

Something you know – a password or passphrase on your account;

Something you have – your cell phone‘s ability to provide a random 6-digit code or to receive a code from a text message;

Something you are – your physical characteristics such as a fingerprint, facial recognition, voice recognition, or even an iris scan.

If you use two of these three identification factors, you are using 2FA to authenticate yourself, and your critical accounts and data will be properly secured. This is the gold standard of authentication and protection.

Why is 2FA Important on Critical Accounts?

According to this Symantec Info-graphic “80% of data breaches could be eliminated by the use of two-factor authentication.” Hackers know most people have never been trained on creating strong passphrases, using password managers, or setting up two-factor authentication to protect their critical accounts and data. Consequently, hackers send millions of sophisticated Phishing Attacks trying to steal our usernames and passwords.  Once someone clicks on one of these phishing campaigns and attempts to log in to a real looking but fake website, the hacker has your credentials. If the hacker has hacked into one of your critical accounts such as your email, bank, or Virtual Private Networking (VPN) they can do some serious damage to you and your reputation or your company’s reputation.

Domino Attack Risk

In my Blog article on Domino Attacks, hackers target every single person you’ve corresponded with in that compromised email account with a sophisticated phishing attacks. The dominoes begin to fall as hackers break into your contact’s critical accounts person by person and company by company.

Account Reset Risk

If hackers breach your email account, this is also where all your other account resets emails go for approval. If your email account is compromised, besides the Domino Attack and the personal information hackers can sift through, this account breach can allows allow hackers to reset your other account passwords to grant them access to more of your digital life. However, if you’re using two-factor authentication on your email account, you can prevent this victimization.

“If I don’t click phishing links, do I need two-factor authentication?”

Yes. Hackers now find your credentials in several ways besides successful phishing attacks. Hackers can acquire your credentials from underground forums that trade stolen credentials from breaches websites. Other hackers use viruses like Trickbot or Emotet to steal credentials from infected machines you may be using. Using a second factor on your critical accounts is something hackers cannot get around, because to compromise your 2FA protected account, a hacker would need access to your cell phone and be able to unlock it to gain access to the randomly rotating unlock codes in your 2FA application.

“How hard is it to setup 2FA?”

Not hard at all. Setting up 2FA on all your critical accounts (you’re probably already doing this for your bank accounts) is easier than you may think. Most 2FA is already available, free to set up, and easily found within your online account’s “Password” or “Security” settings. Look for “Advanced Security”, “Advanced Settings” or search for “two-factor authentication” in the website’s help menus. Calling the website support line is another option to walk you through the set up quickly and easily. There’s even a website dedicated to listing websites that support 2FA or not.

Conclusion:

Don’t let hackers get the upper hand on your critical accounts. Protect yourself personally and professionally by setting up two-factor authentication today on all of your critical accounts. It’s the perfect example of “an ounce of prevention being worth a pound of cure”. You’ll be happy you did.

Call to Action:

As employers and resellers, we need to be perfect at protecting our critical accounts and critical data; hackers only have to succeed once for a costly cyber incident or breach. Improve your odds of success by visiting CyberHoot.com and signing up for a free 30-day trial to begin closing the Cybersecurity skills gap by training your employees. Our 5-min Cyber “Hoots” teach your staff about Passwords, Passphrases, Password Managers, Two-factor Authentication, WiFi Insecurities and dozens of other important cybersecurity topics. Are you doing everything you can to reduce your risks?

Craig, Co-Founder – CyberHoot

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.

Leave a Reply

Your email address will not be published. Required fields are marked *